Class SdJwtVP

java.lang.Object
org.keycloak.sdjwt.vp.SdJwtVP

public class SdJwtVP extends Object
Author:
Francis Pouatcha
  • Method Details

    • getClaims

      public Map<String,com.fasterxml.jackson.databind.node.ArrayNode> getClaims()
    • getIssuerSignedJWT

      public IssuerSignedJWT getIssuerSignedJWT()
    • getDisclosures

      public Map<String,String> getDisclosures()
    • getDisclosuresString

      public Collection<String> getDisclosuresString()
    • getRecursiveDigests

      public Map<String,String> getRecursiveDigests()
    • getGhostDigests

      public Collection<String> getGhostDigests()
    • getHashAlgorithm

      public String getHashAlgorithm()
    • getKeyBindingJWT

      public Optional<KeyBindingJWT> getKeyBindingJWT()
    • of

      public static SdJwtVP of(String sdJwtString)
    • getCnfClaim

      public com.fasterxml.jackson.databind.JsonNode getCnfClaim()
    • present

      public String present(List<String> disclosureDigests, boolean discloseAllClaims, com.fasterxml.jackson.databind.node.ObjectNode keyBindingClaims, SignatureSignerContext holdSignatureSignerContext)
      Creates a new SD-JWT presentation from this SD-JWT.
      Parameters:
      disclosureDigests - Disclosure digests (hashes) of the claims to disclose.
      discloseAllClaims - When true, the disclosureDigests parameter is ignored and everything is presented. When false, only the claims specified by disclosureDigests are presented.
      keyBindingClaims - Key binding claims. When omitted, the created presentation may not contain a key binding.
      holdSignatureSignerContext - Useful for signing the key-binding JWT.
      Returns:
      String with the new SD-JWT presentation, with added key binding and the selected disclosed claims.
    • presentWithSpecifiedClaims

      public String presentWithSpecifiedClaims(List<String> claimsToDisclose, boolean discloseAllClaims, com.fasterxml.jackson.databind.node.ObjectNode keyBindingClaims, SignatureSignerContext holdSignatureSignerContext)
      Creates a new SD-JWT presentation from this SD-JWT. It works the same as present(List, boolean, ObjectNode, SignatureSignerContext), but it allows specifying the names of the claims to present (e.g. given_name, family_name) instead of specifying disclosureDigests.
      Parameters:
      claimsToDisclose - Names of the claims to disclose (e.g. given_name, family_name).
      discloseAllClaims - Used when claimsToDisclose is empty or null. If true, all the claims from this SD-JWT are disclosed. If false, only the claims specified by the claimsToDisclose parameter are disclosed.
      keyBindingClaims - Key binding claims. When omitted, the created presentation may not contain a key binding.
      holdSignatureSignerContext - Useful for signing the key-binding JWT.
      Returns:
      String with the new SD-JWT presentation, with added key binding and the selected disclosed claims.
    • verify

      public void verify(List<SignatureVerifierContext> issuerVerifyingKeys, IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts, KeyBindingJwtVerificationOpts keyBindingJwtVerificationOpts) throws VerificationException
      Verifies SD-JWT presentation.
      Parameters:
      issuerVerifyingKeys - Verifying keys for validating the Issuer-signed JWT. The caller is responsible for establishing trust that the keys belong to the intended issuer.
      issuerSignedJwtVerificationOpts - Options to parameterize the Issuer-Signed JWT verification.
      keyBindingJwtVerificationOpts - Options to parameterize the Key Binding JWT verification. Must, among others, specify the Verifier's policy whether to check Key Binding.
      Throws:
      VerificationException - if verification failed
    • getSdJwtVerificationContext

      public SdJwtVerificationContext getSdJwtVerificationContext()
      Retrieve verification context for advanced scenarios.
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • verbose

      public String verbose()
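
Added example, not Keycloak code: how a disclosure digest of the kind passed to present(...) relates to the claim name passed to presentWithSpecifiedClaims(...), following the SD-JWT compact format. Assumptions: the credential uses sha-256, jackson-databind is on the classpath, and the names DisclosureDigestDemo, b64url, digest and digestsByClaimName as well as all sample values are constructed for illustration.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

public class DisclosureDigestDemo {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    // base64url without padding, the encoding used for disclosures and digests
    static String b64url(byte[] data) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(data);
    }

    // Digest = base64url(SHA-256(ASCII bytes of the encoded disclosure string)).
    // Assumption: sha-256, the default when the _sd_alg claim is absent.
    static String digest(String encodedDisclosure) throws Exception {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        return b64url(sha256.digest(encodedDisclosure.getBytes(StandardCharsets.US_ASCII)));
    }

    // Claim name -> disclosure digest for each object-property disclosure.
    static Map<String, String> digestsByClaimName(String sdJwt) throws Exception {
        // Layout: <issuer-signed JWT>~<disclosure>~...~<key-binding JWT or empty>
        String[] parts = sdJwt.split("~", -1);
        Map<String, String> result = new LinkedHashMap<>();
        for (int i = 1; i < parts.length - 1; i++) {
            JsonNode d = MAPPER.readTree(Base64.getUrlDecoder().decode(parts[i]));
            // [salt, name, value] is an object property; [salt, value] is an array element
            if (d.isArray() && d.size() == 3) {
                result.put(d.get(1).asText(), digest(parts[i]));
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: placeholder issuer JWT, two disclosures, no key-binding JWT.
        String d1 = b64url("[\"c2FsdC0x\", \"given_name\", \"Erika\"]".getBytes(StandardCharsets.UTF_8));
        String d2 = b64url("[\"c2FsdC0y\", \"family_name\", \"Mustermann\"]".getBytes(StandardCharsets.UTF_8));
        String sdJwt = "header.payload.signature~" + d1 + "~" + d2 + "~";
        digestsByClaimName(sdJwt).forEach((name, dig) -> System.out.println(name + " -> " + dig));
    }
}
```

The digest is computed over the encoded disclosure string exactly as transmitted, so re-serializing the decoded JSON before hashing produces a different value that will not match the issuer-signed payload.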